Quote:
Originally posted by Tommy
A simple solution
what if you droped a cookie on the join page or the webgood page
|
I've used something a little bit similar as a small
part of a much more comprehensive solution.
A neat idea, with two things to keep in mind -
soemthing like 30% of punters have cookies
disabled, so you can't refuse access on that basis,
and password sites have gotten a lot more sophisticated too.
They can and sometimes do set the same darn cookie.
Not often, but sometimes.
Then of course something like Strongbox provides not only
a crytographically secure defense against shared passwords,
but also protects against dictionary attacks and other nefarious
activity, providing informative reports of it all.